Data Protection Day 2021, the view from the frontline

Robert Meyers, channels solutions architect and fellow of information privacy at One Identity

“2020 was a very tumultuous year and, in privacy, some good things happened, and some bad things happened. On the good side, we had the NIST Privacy Framework 1.0, and on the bad side, breach after breach, let alone things that aren’t directly privacy related. The problem with privacy programs is there is too much that comes under the category of privacy, and a lot of people don’t understand what that means. 2021 is a year starting with hope: privacy professionals finally have some simple tools.

When building privacy programs it’s imperative to utilize the new tools, like the NIST Framework to build a privacy program, and build strong cybersecurity programs around privileged accounts, control data access, and implementing least privilege management tools. While doing this, remember this is part of the privacy program too. With good things on the horizon and the tools available to make understanding privacy easier, 2021 starts as a year of hope. With the NIST Framework privacy programs, privacy professionals and people who are interested in privacy now have a checklist. This is something we’ve never had at this level before, which makes the future look clear for the first time since privacy programs began.” 

Andy Renshaw, VP of payment solutions and strategy at Feedzai

“Consumers and businesses need to pay close attention to fraud techniques that have become increasingly common and Data Privacy Day is a good reminder to review these. Fraudsters likely need some amount of personal data on victims to carry out the bulk of their tactics to dupe users for their financial gain. And there are a lot of compromised accounts out there, with entire databases of stolen credentials for sale on the Dark Web.

This almost ubiquitous availability of compromised accounts credentials means the industry needs to really think about the long-term threat that this ubiquity presents – and how they can address it through real time response and insights to stop fraudsters in their tracks. It’s likely this will become mandatory in the coming years, particularly for banks and organisations that deal with high amounts of transactions. Those that choose to take stock now and address these issues will be the winners in the long run, both from a compliance and regulatory standpoint and winning trust from consumers.”

Michael Barragry, operations lead and security consultant at Edgescan

“In an ideal world, we wouldn’t need to be reminded of the importance of protecting customer data. Unfortunately, we all know too well that things can go wrong and, all too often, the security of user data comes as an afterthought for organisations. For this reason, it’s still important to have conversations about how companies handle their customers’ data, as well as to try and steer big tech to be more protective with the information they collect. Since a lot of their revenue originates from advertisers, they are always going to be incentivised to favour their clients and offer them detailed user data wherever possible – regulators need to maintain a balance here and prioritise user privacy.

It would be good to see more proactive steps being taken, rather than retrospective fines. Users need to be proactive as well – instead of mindlessly clicking through cookie warnings, there is often value in taking some extra time to select the minimum required cookies for a functional experience.”

Niamh Muldoon, Global Data Protection Officer for OneLogin:

“Today is Global Data Protection/Privacy Day. It’s a good opportunity to remind yourself of the data privacy and data protection principles that keep us all safe.  Many people think data privacy just focuses on PII data and associated regulations such as GDPR and CCPA but it is significantly wider than that. In summary, it’s all about only using the data for the business purpose that it is collected for. There is no doubt that Personally identifiable information (PII)  is a core data set to privacy.  Having an appropriate access control framework in place supports not only adhering to data privacy regulatory requirements, but enables your business to operate to best practices for data privacy. This framework should incorporate strong authentication using multi-factor authentication, enhanced multi-factor authentication for authorisation where appropriate, and accountability via monitoring/alerting.”

Chris Hauk, consumer privacy champion at Pixel Privacy:

“I can’t stress enough the importance of parents teaching their kids about online safety and security. While parents may teach their offspring about offline safety – like telling them to never talk to strangers and to look both ways before crossing a street – many don’t take the same care when it comes to online safety and security.

Teach your children to know that whatever is posted online is forever, this includes personal information, photos, videos, and more. Kids need to understand that personal information is the most valuable currency on the internet today. Teach them to never share personal info like photos, addresses (both physical and email), phone numbers, and other identifying information.

Kids should be taught why protecting their information is important. Show them how to control the exposure of their personal information in their favourite apps, games, and social platforms. Make sure identifying features such as location tracking are turned off, both in the social and gaming apps and in other apps, such as the camera app, which can include location info in photo metadata.

Don’t simply hand a child an electronic device to keep them occupied and out of your hair. Spend time with your offspring, show them how to safely use apps and social networks, discuss how to report online predators or if they’re the victim of online bullying.”

Javvad Malik, security awareness advocate at KnowBe4
“Privacy is a human right – and rightly so. But it’s also the currency we trade in online. With regards to online services, we often say, “if you don’t see the product, you are the product.” Our name, age, body type, location, diet, likes, dislikes, fears, loves, preferences… we hand over everything willingly to providers in exchange for services which have no dollar cost associated.

On the surface, this is a win-win situation, consumers get access to amazing services, and providers can sell on data to the highest bidder. But where does this arrangement leave privacy? What option does it leave for those who don’t want to trade their personal information just to stay in touch with friends or to use global services? As a society, we’ve built and accepted an environment which pays lip service to privacy.

While we can, and should take steps to protect our privacy – a fundamental change is needed in how we architect, build, and consume online services.”

0
0
vote

Article Rating